On Thu, Apr 11, 2002 at 02:01:51AM -0700, Aleksey Sanin wrote:
> AFAIK, the last fix was made back in October and it addressed
> an attack related to random numbers generator. I am not sure
> I have any fresh insider information on the topic :)
> The problem is that SHA256 and greater are became required
> in other standards (XML Encryption, for example). And quick
> search showed that there is no solid open source implementation yet.
With respect to my research the XML encryption is also still in draft
standard.
I agree on that SHA-2 will be a worthwile (and required) extension.
There exist open source implementations, but I have not looked into
this issue yet, so that I cannot give any statement about the quality.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
